authorJakub Jelen <jjelen@redhat.com>2023-03-01 17:14:00 +0100
committerNIIBE Yutaka <gniibe@fsij.org>2023-03-07 14:40:33 +0900
commit654d0dfa04993ebe28c0536d42f4bc6d87c28369 (patch)
tree37738dd5d61848bc008ea2d84d0be514c2a4aa33
parent23a2d1285e35b2eb91bb422609eb1c965c8a9bf6 (diff)
visibility: Check FIPS operational status for MD+Sign operation.
* src/visibility.c (gcry_pk_hash_sign): Check fips status before calling the operation itself. (gcry_pk_hash_verify): Ditto. -- GnuPG-bug-id: 6396 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--src/visibility.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/visibility.c b/src/visibility.c
index 73db3dea..1f17e147 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -1050,6 +1050,11 @@ gcry_error_t
gcry_pk_hash_sign (gcry_sexp_t *result, const char *data_tmpl, gcry_sexp_t skey,
gcry_md_hd_t hd, gcry_ctx_t ctx)
{
+ if (!fips_is_operational ())
+ {
+ *result = NULL;
+ return gpg_error (fips_not_operational ());
+ }
return gpg_error (_gcry_pk_sign_md (result, data_tmpl, hd, skey, ctx));
}
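Review bot: The new early return in gcry_pk_hash_sign writes `*result = NULL;` without checking `result`, so a caller that passes a NULL result pointer would crash on the not-operational path. Whether `_gcry_pk_sign_md` already requires a non-NULL pointer is not visible in this hunk, so this may simply match the existing contract. If it does, a short comment above the guard would record the intent, e.g. `/* Fail closed: never sign outside the FIPS operational state; clear *result so the caller cannot read a stale handle. */`.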
@@ -1065,6 +1070,8 @@ gcry_error_t
gcry_pk_hash_verify (gcry_sexp_t sigval, const char *data_tmpl, gcry_sexp_t pkey,
gcry_md_hd_t hd, gcry_ctx_t ctx)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_pk_verify_md (sigval, data_tmpl, hd, pkey, ctx));
}
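Review bot: The guard in gcry_pk_hash_verify, like the matching one in gcry_pk_hash_sign, sits only in the public wrapper, so any in-library caller that reaches `_gcry_pk_verify_md` or `_gcry_pk_sign_md` directly would not pass through the operational-state check. No such caller is visible here, so this is something to confirm rather than a known gap. A comment on the guard would make the boundary explicit, e.g. `/* FIPS operational state is enforced at the public API boundary. */`. The diffstat lists only src/visibility.c, so no regression test accompanies the new error path of either function; a test that puts the library into the error state and expects both calls to fail would pin the behaviour.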